Cedders Posted June 19, 2008 Share Posted June 19, 2008 We're an ISP/host with a range of 63 IPs. Our correct abuse[at] addresses come up for this range, and we do get occasional SpamCop user reports (3 so far this year, last on 25 May). However, we have also subscribed other postmaster addresses to get alerts and summary reports for the same range. Sometimes we get these ("[spamCop] Alert"), but there is no corresponding email to abuse[at] With just the IP address specified in the alert, but no message id (or X-PHP-scri_pt header, which is useful for detecting intrusions into client Apache sites), it is harder to act on these. I've checked the server logs this last time it's happened but see no attempt to connect from SpamCop or to abuse. Occasionally the opposite happens too: We see [spamCop (18.104.22.168) id..] but if there is any summary for that IP, it comes 5-7 days later, and shows a '1' under 'Trap', and a '0' under 'User'. Is there any reason this might happen? Mostly when we get the summary but not the full report, it is listed as "Trap: 1" and refers to one of our IPs which we actually sub-let to a sister network - however, we are still the abuse contact for this IP address if I feed it into SpamCop. Should we get full reports for "Trap"? Also when we do get the summaries, there is a link to mark the issue as closed, but shouldn't that be done by the abuse[at] address? As I understand it, anyone can get 3rd party summaries for any range. I may be missing something obvious here. Any explanation appreciated. Thanks to SpamCop for a great reporting tool, although sometimes I wish it were easier to find info on the help pages. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.